×

Discussion Board

Page 2 of 3 FirstFirst 123 LastLast
Results 16 to 30 of 41
  1. #16
    Registered User
    Join Date
    Jul 2007
    Location
    Bangalore
    Posts
    30

    Lightbulb Re: Can Symbian signed crack proof an application?

    Well..This is an interesting discussion.
    I recently finished coding trial version of my CallBlackList application, and was thinking of posting it in Handango.
    After visiting:
    http://crackteam.ws/get.shtml?213717
    I found out that these so called cracker guys are posting only one code to unlock this particular application.
    I assume this works as follows(symbian signed is nowhere involved):
    There are two ways to protect your application and generate activation keys:

    1.You have just one key, to unlock any app. I think this is what Handy Blacklist guys have done. Now, anybody can use this key, and unlock App. Crackers normally read the assembly code to generate this key(it's not that difficult...you can find lot of a help in google).In the end you are just comaparing an activation key against a const String(Descriptor).

    2. You can create a dynamic key. Now dynamic key is nothing but a key which is binded to your IMSI or IMEI. Now this is quite secure(but still hackers r hackers). So, nobody can post just one key for all phones. Key will depend from phone to phone. So to make hackers life difficult, make a complex dynamic code calculation algo....

    jus a few thoughts....

    Br
    Gurpreet
    http://www.mobisy.com

  2. #17
    Super Contributor
    Join Date
    Jun 2004
    Location
    SymbianLand
    Posts
    763

    Re: Can Symbian signed crack proof an application?

    Ok here is the output :
    Code:
    Primary:
    Issued by Symbian.
    Issued to 79df02ed0744e58c61c59c184d80bb7e.
    Valid from 07/02/2007 to 06/02/2017.
    Issued by VeriSign Testing-Based ACS Root for Symbian OS.
    Issued to Symbian Limited.
    Valid from 13/10/2003 to 27/08/2023.
    Can make any sense?
    Man I need to really brush my Symbian security related info .
    --Mayur.

  3. #18
    Registered User
    Join Date
    May 2007
    Location
    Helsinki
    Posts
    15

    Re: Can Symbian signed crack proof an application?

    I've seen a 3rd s60 Navigation Software cracked and distributed, which supported Location Acquisition API. Yes, it was unsigned, but the problem was that there was a very good step-by-step instruction how to sign the software by registering to www.symbiansigned.com. I also read the forum, and it seemed that many were willing to go through these steps to sign the software. Many comments were that this was surprisingly easy to do.

    So symbiansigned.com was actually becoming a method of distribution until they closed up the new registerations for "server capacity reasons". I don't think the problem is gone away, until the dev.certs are limited somehow. This is a complex issue of course, and actually I'm not too keen about the whole signing thing, I think symbian would be better off without it all together. But since we do have it, and it's not going away, I don't like loosing one of the only benefits from it.

    I would be very interested on learning some key points how to make crackers / reverse engineering harder. I'm not expecting any theoretical lectures here, but some points what you should be considering, and maybe links to commercial/non-commercial copy protection libraries to symbian.

  4. #19
    Regular Contributor
    Join Date
    May 2007
    Posts
    463

    Re: Can Symbian signed crack proof an application?

    Judging by the signsis output, looks like they haven't modified the thing at all... presumably it's just the registration algorithm that has been cracked (or at least, a copy has been registered with a stolen card and that serial number redistributed...)
    Get Resolvr - The Zeroconf framework for Symbian OS free today. Make your IP networking applications fun and easy to use. http://www.novelinteractions.com/resolvr/
    Proud to be the only autorickshaw owner in Cambridge - http://blog.novelinteractions.com/images/tuktuk.jpg

  5. #20
    Registered User
    Join Date
    Jul 2007
    Location
    Bangalore
    Posts
    30

    Re: Can Symbian signed crack proof an application?

    exactly cdavies-nokia...This is what i meant..
    Br
    G;p
    Best Regards
    Gurpreet
    www.mobisy.com
    singhgupi.googlepages.com

  6. #21
    Super Contributor
    Join Date
    Jun 2004
    Location
    SymbianLand
    Posts
    763

    Re: Can Symbian signed crack proof an application?

    I would be very interested on learning some key points how to make crackers / reverse engineering harder. I'm not expecting any theoretical lectures here, but some points what you should be considering, and maybe links to commercial/non-commercial copy protection libraries to symbian.
    So am I.
    If someone can provide an example of a commercial application which has not been cracked,I think that can serve as a good case study for guidelines to produce applications which are "hard" to crack.
    --Mayur.

  7. #22
    Super Contributor
    Join Date
    Oct 2005
    Posts
    739

    Re: Can Symbian signed crack proof an application?

    Yes as mayur said we need to find out a strong method to get out from this cracking people. If any body have a valuable findings please share here for protect our applications.

    Regards,
    Peter

  8. #23
    Registered User
    Join Date
    Jul 2007
    Location
    Bangalore
    Posts
    30

    Smile Re: Can Symbian signed crack proof an application?

    If someone can provide an example of a commercial application which has not been cracked,I think that can serve as a good case study for guidelines to produce applications which are "hard" to crack.
    Well, when I was making my application, I had the same question in mind. I personally feel that dynamic registration model is quite secure, at least "theoritacally".See
    http://www.codeproject.com/ce/Revers...asp?print=true

    But, I'm also new to application selling, so don't know how secure is the Dynamic registration practically. Will let you know, if I get some data on this.

    Also, I've made trial version creator class in S60 3rd edition
    - Creates a trial version on date basis, time basis or usage basis
    - Makes callbacks to application, when trial status changes or lock status changes
    - Calculates activation code from devices IMEI, and compare it against the user entered one. Unlocks if it's same.
    ... will distribute it once I'm finished my testing.

    If some body have better ideas on making strong unhackable RPN Strings, pls contribute.
    Best Regards
    Gurpreet
    www.mobisy.com
    singhgupi.googlepages.com

  9. #24
    Super Contributor
    Join Date
    Jun 2004
    Location
    SymbianLand
    Posts
    763

    Re: Can Symbian signed crack proof an application?

    Quote Originally Posted by singhgupi View Post
    Also, I've made trial version creator class in S60 3rd edition
    - Creates a trial version on date basis, time basis or usage basis
    Seen them hack many times,so ruled out.
    Quote Originally Posted by singhgupi View Post
    - Makes callbacks to application, when trial status changes or lock status changes
    - Calculates activation code from devices IMEI, and compare it against the user entered one.
    Again have seen many keygens which just take IMEI and produce the registration code.So it has been proven to be not effective.
    --Mayur.

  10. #25
    Registered User
    Join Date
    Jul 2007
    Location
    Bangalore
    Posts
    30

    Re: Can Symbian signed crack proof an application?

    Hi Mayur
    Is there any link which suggests how keygen works?
    In simple words,I want to find out....
    "How a hacker, gets a RPN string out of my sis file, and generate activation code? Is it really that easy"
    If by some means we get to know, about their reverse engineering, we can develop stronger ways.
    BTW, in the end, I also believe that everything can be hacked, its just making hacker sweat while hacking
    Best Regards
    Gurpreet
    www.mobisy.com
    singhgupi.googlepages.com

  11. #26
    Super Contributor
    Join Date
    Jun 2004
    Location
    SymbianLand
    Posts
    763

    Re: Can Symbian signed crack proof an application?

    Well there are some tutorials about S60 reverse engineering,one of the better organised & presented, one is this one(first link - Primer On Reversing Symbian S60 Applications):
    http://arteam.accessroot.com/tutorials.html
    Am not sure if it purely defeats RPN,but have seen many apps which have used IMEI for registration and have failed spectacularly,they in turn may or may not have used RPN.
    Quote Originally Posted by singhgupi View Post
    Hi Mayur
    "How a hacker, gets a RPN string out of my sis file, and generate activation code? Is it really that easy"
    If by some means we get to know, about their reverse engineering, we can develop stronger ways.
    If you have heard of IDA,then you would know how easy is it really crack most of the algorithms.
    Also I think if some kind of code encryption can be put in then static code analysis can be defeated to certain extent.
    --Mayur.

  12. #27
    Regular Contributor
    Join Date
    May 2007
    Posts
    463

    Re: Can Symbian signed crack proof an application?

    In many ways, using the IMEI actually makes it *easier* to crack a program, since it gives the cracker something to look for.

    People cracking Symbian programs have somewhat of a disadvantage compared to their windows cousins, in that they have to rely on static analysis, and can't run programs under a debugger and watch the flow of control easily.

    So, the key thing is not to make the code that implements your protection obvious. Make use of things like calculated long jumps, exceptions and the active scheduler, and most importantly, don't display warnings at the same point in the code as the actual authentication takes place.
    Get Resolvr - The Zeroconf framework for Symbian OS free today. Make your IP networking applications fun and easy to use. http://www.novelinteractions.com/resolvr/
    Proud to be the only autorickshaw owner in Cambridge - http://blog.novelinteractions.com/images/tuktuk.jpg

  13. #28
    Registered User
    Join Date
    Jul 2007
    Location
    Bangalore
    Posts
    30

    Question Re: Can Symbian signed crack proof an application?

    Make use of things like calculated long jumps, exceptions and the active scheduler
    Any code examples....??
    Best Regards
    Gurpreet
    www.mobisy.com
    singhgupi.googlepages.com

  14. #29
    Registered User
    Join Date
    May 2007
    Location
    Helsinki
    Posts
    15

    Re: Can Symbian signed crack proof an application?

    How about having a RSA public-key on the binary, and use a RSA private-key to generate keys from customer's IMEI (encrypt with the private key)? This way the registration can not be cracked without changing the binary, or stealing your private key.

    I understand the point about IMEI, it could make cracking easier. But if they could not change the binary, let's say I'm using restricted API's and symbian signed dev certs are not misused. It is a big benefit that IMEI can't be changed too easily.

  15. #30
    Regular Contributor
    Join Date
    May 2007
    Posts
    463

    Re: Can Symbian signed crack proof an application?

    It's no more secure than anything else, since they'll either replace the key or patch out the check routine.
    Get Resolvr - The Zeroconf framework for Symbian OS free today. Make your IP networking applications fun and easy to use. http://www.novelinteractions.com/resolvr/
    Proud to be the only autorickshaw owner in Cambridge - http://blog.novelinteractions.com/images/tuktuk.jpg

Similar Threads

  1. Symbian Signed Catalog
    By dangeross in forum Symbian Signed Support, Application Packaging and Distribution and Security
    Replies: 0
    Last Post: 2006-11-30, 11:14
  2. Distributing for Symbian 9 without Symbian Signed
    By tal.shahar@mobile-mx.com in forum Symbian
    Replies: 2
    Last Post: 2006-09-06, 05:15
  3. DB2E Application Installation Fail in Symbian 7 Emulator
    By darontan in forum Symbian Tools & SDKs
    Replies: 2
    Last Post: 2005-03-03, 01:51
  4. Replies: 0
    Last Post: 2004-05-21, 11:16

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
×